pocket-id: add service on trantor

- Add pocket-id service with nginx reverse proxy - Domain: auth.baduhai.dev - Uses SQLite database - Generate encryption key stored in age secrets
2026-04-22 11:15:39 -03:00 · 2026-04-22 11:15:39 -03:00 · 46d811a37e
commit 46d811a37e
parent ce7f597f01
4 changed files with 29 additions and 0 deletions
--- a/aspects/hosts/_trantor/pocket-id.nix
+++ b/aspects/hosts/_trantor/pocket-id.nix
@ -0,0 +1,17 @@
+{
+  config,
+  lib,
+  ...
+}:
+
+{
+  services.pocket-id = {
+    enable = true;
+    environmentFile = "/etc/nixos/secrets/pocket-id.key";
+    settings = {
+      APP_URL = "https://auth.baduhai.dev";
+      TRUST_PROXY = true;
+      ANALYTICS_DISABLED = true;
+    };
+  };
+}
--- a/data/services.nix
+++ b/data/services.nix
@ -23,6 +23,12 @@
      host = "trantor";
      public = true;
    }
+    {
+      name = "pocket-id";
+      domain = "auth.baduhai.dev";
+      host = "trantor";
+      public = true;
+    }
    {
      name = "nextcloud";
      domain = "cloud.baduhai.dev";
--- a/secrets/pocket-id.key
+++ b/secrets/pocket-id.key
@ -0,0 +1 @@
+/Vg7Fgr1Gy+Jx84+5BwE+I+njloA6DDnCX2K3yVKB9Y=
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -32,6 +32,11 @@ in
    rotterdam-user
    trantor
  ];
+  "pocket-id.key.age".publicKeys = [
+    io-user
+    rotterdam-user
+    trantor
+  ];
  "miniflux-admincreds.age".publicKeys = [
    io-user
    rotterdam-user
				`@ -0,0 +1 @@`
				`/Vg7Fgr1Gy+Jx84+5BwE+I+njloA6DDnCX2K3yVKB9Y=`